On 01/03/13 17:25, Grant Edwards wrote:

    def lessDangerousEval(expr):
        global symbolTable
        if 'import' in expr:
            raise ParseError("operand expressions are not allowed to contain the string 'import'")
        globals = {'__builtins__': None}
        locals = symbolTable
        return eval(expr, globals, locals)

I can guarantee that symbolTable is a dict that maps a set of string
symbol names to integer values.

For what definition of "safe"? Are CPython segfaults a problem?
Blowing the stack? Do you aim to prevent exploitable things like
system calls or network/file access?
-tkc